
Endpoint Encryption activation sequence
When the EEAgent and EEPC/EEMac packages are successfully deployed, users are prompted to
restart their system.
The restart can be canceled; however, Endpoint Encryption will not become active on the client until the
restart has occurred. Note also that hibernation and the use of new USB devices will be impaired until a
restart is issued. The restart is therefore essential for activation of Endpoint Encryption on the client to
proceed.
Endpoint Encryption Status
The system restarts as initiated. You will not yet see the PBA page, because the Endpoint Encryption
software is not yet active on the client. However, you should now be able to see the new option:
• Quick Settings | Show Endpoint Encryption Status in McAfee Agent System Tray on the client system (EEPC)
• Encryption icon | McAfee Endpoint Encryption System Status on the menu bar that is present on the desktop
of the client (EEMac)
EEAgent synchronization with the McAfee ePO server
The status in the Show Endpoint Encryption Status window shows as Inactive until EEAgent synchronizes
with the McAfee ePO server and gets all the users assigned to it. This is referred to as an ASCI event.
It can be manually triggered on the client by opening the McAfee Agent Status Monitor and clicking Collect and
Send Props. It can also be triggered from the McAfee ePO server by sending an agent wake‑up call.
Otherwise, you will need to wait for the scheduled agent‑server communication interval to occur (the
default is 60 minutes). After two agent‑server communication intervals, Endpoint Encryption
activation will begin. The activation process requires a number of McAfee ePO events to be sent, and
this can take some minutes to occur. Once the client‑server communication has completed, the
Endpoint Encryption Status switches to Active and encryption starts based on the policy defined.
During EEPC activation, hibernation cannot be used. It is recommended that hibernation be disabled
through Active Directory Group Policy while the rollout is in progress. The hibernation feature in EEMac
is also disabled when EEMac is active.
User intervention during encryption
The user can continue to work on the client system as normal even during encryption. Once the entire
disk is encrypted, the technology will be completely transparent to the end user.
It is safe and risk‑free to restart the client system during encryption.
PBA
When the client system is restarted and Endpoint Encryption is first activated, the user should log on
at the PBA page with the username that matches the user attribute set in the EE LDAP Server
User/Group Synchronization task and the default password of 12345. This is the McAfee default
password, which can be changed in the User Based Policy. The user is then prompted to change this
password and enroll for self‑recovery based on the policy set.
If you want the system to capture the user's credentials automatically, without requiring them to
use a default password at PBA, enable the Do not prompt for default password option under User Based Policies |
Password.
We recommend that you change the default password and enforce policies with stronger passwords.
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide